Analysis
-
max time kernel
149s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28-02-2024 15:58
General
-
Target
2024-02-28_a69f85d2d1e5658c819e6d7a247626d8_goldeneye.exe
-
Size
408KB
-
MD5
a69f85d2d1e5658c819e6d7a247626d8
-
SHA1
7935f6dc087de3ce77d983723b9ffdf512082785
-
SHA256
57a7167c5ba4644a67603d4f791f465560b74cbc4c7db85feb38390dcbcc92f5
-
SHA512
f5eb2a152bde4828f435e8e1c4b6956ad738fa3ab25c8fa3efc4df488bd4070466d6dfb08a7c0aa618c15bbb4f18bee1a947c581fa543a77ef598d72a411d3f9
-
SSDEEP
3072:CEGh0oyl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGAldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_a69f85d2d1e5658c819e6d7a247626d8_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_a69f85d2d1e5658c819e6d7a247626d8_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{09FBEBB3-4DB7-4b74-96F0-746F2FB9E0D6}.exeC:\Windows\{09FBEBB3-4DB7-4b74-96F0-746F2FB9E0D6}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CF95203B-78CC-4363-9AC1-2D3E5371CE12}.exeC:\Windows\{CF95203B-78CC-4363-9AC1-2D3E5371CE12}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CF952~1.EXE > nul4⤵
-
-
C:\Windows\{0386C600-BA9D-4cb1-9F5F-1E11138F60B1}.exeC:\Windows\{0386C600-BA9D-4cb1-9F5F-1E11138F60B1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C127B07-9B25-4a8a-80C0-722FBE0898F6}.exeC:\Windows\{6C127B07-9B25-4a8a-80C0-722FBE0898F6}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{831D1EE0-42E6-4c3f-BE3A-E6B2BF5B0823}.exeC:\Windows\{831D1EE0-42E6-4c3f-BE3A-E6B2BF5B0823}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{91D913B9-8205-44a7-8FAB-B2AD5C4CF340}.exeC:\Windows\{91D913B9-8205-44a7-8FAB-B2AD5C4CF340}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{95B4C7F2-9A06-470f-925D-D3DEE9437C00}.exeC:\Windows\{95B4C7F2-9A06-470f-925D-D3DEE9437C00}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{573FEC55-1887-4673-BBB4-CA89981D4B19}.exeC:\Windows\{573FEC55-1887-4673-BBB4-CA89981D4B19}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{143B5C2C-272F-461a-B4DE-C10DEDA63CF7}.exeC:\Windows\{143B5C2C-272F-461a-B4DE-C10DEDA63CF7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BDE2C561-62F6-443b-860C-1BFBAA32C4CB}.exeC:\Windows\{BDE2C561-62F6-443b-860C-1BFBAA32C4CB}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A44D8EE4-145C-4744-BFDF-DEC9B130BB32}.exeC:\Windows\{A44D8EE4-145C-4744-BFDF-DEC9B130BB32}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9164AB4F-EA76-4020-8950-B47C716E85BF}.exeC:\Windows\{9164AB4F-EA76-4020-8950-B47C716E85BF}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A44D8~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BDE2C~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{143B5~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{573FE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95B4C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{91D91~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{831D1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C127~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0386C~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{09FBE~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5f9a2f30bef4ccc703628e68797cdca79
SHA1a8ea81f675459316b987fe2d4064f42e322bb4f8
SHA2569fbb87e36e1da9b26690834491785ca66908ae68fc671012bb7a79528d2ea920
SHA5123350737a4fdf8453725fd5f54b725c10ed5cf2ec282e719b10dfabd332db9c493843ec8fb43502c9fd6779621966c8cc2d0e6a322081637545a109cfee0197f7
-
Filesize
408KB
MD5b34e22068f0453e11a441a89aa9ac8ca
SHA112a225b940f568ed67b05d3c67398db11f63657f
SHA2569d0dc26b3bb5495ecd225ad6361f86a91219d413d0a288c2fe75a13e27a9ddc3
SHA51279b68572678fcf512c0d428b0ff26d1ed03292b7b8e34bee920b1113e360bedec066aa135ee2e9bf7af8163e0df9ff5f7293bd5f16d3279ca9afeeeae14d3c2d
-
Filesize
408KB
MD5c18fce4ddc5b86d757c801486a06ce8d
SHA1ed55749bc1308488c3f0fb13fa0d04a50b7bf0ce
SHA256011b1c2d7d165c04112fca2bb487a8d18931ef03b0d3654538c3e1161f76ca88
SHA512ade08b310f89ef7fd3e201de965b02370f55f8d22d750a8fe1e51a648f06ac0948da7f841f7ebd75ea84702887fce5b6cd9e9e81a1f6f0ab4d8d9771855589c6
-
Filesize
408KB
MD57f82cc85312279509058abcda9e7adbf
SHA1ade131904264c4a788941a117a5fa76d1b91eafb
SHA2568784f7b214b133034f2428b5eaf7adf42bb863e9c79de920250aa748f61cc369
SHA512baf88d0eaebfc3de0d4335dcfaa6d42217368ec32f013cc94d7b05483f2b1b3f0bbf5f0845da3d7224d1cccb68c314bcb4d27c1f266e8fc7c79dbae0aab97e9b
-
Filesize
408KB
MD51c975f01a97a02ccf58d690042f431e4
SHA17087bf64a45fa20560d36d8d8efe0aa33fb38891
SHA2568560cd155e858fb37a71d7a48abfc1d71b67c29811c77779d46c6f8f53856e3d
SHA5122208b7eecfa81f5e9131db9c6b89d55c50878843d9dad2c1a573cda3d4e086f1ac0ed0f5c0506fa1ba63ff41f1abd46344662d97bb53e142679b6f8ffa68df7d
-
Filesize
408KB
MD5ae6fc7bd3495ec91778a027d2d09dffc
SHA1acde03f600be32205c43ff82d47bc2af94054468
SHA25668a95d0fdcd59ce7108ad622d9bdb570eea07917e27699c1bf3189f6b1ea1f8f
SHA512dc6bb8f5a49bb40711d728bb9b1bcf1a7021326552167ee07769909c5b86c10365dd51b11c35e0eddfef27afac3ff3db8be2d28695b78ed45ccaa8ea6be9559c
-
Filesize
408KB
MD5dca98c11a933343013cb0111a9ebe7ad
SHA1881cacb11cdfe6c1b74a73d80843a511abb79135
SHA256017be7f7b82f9336aa6a0c0550b540988ae71c120af74d713417fa468ad1c9a7
SHA512e28a2c1a8c7fd8cf652528d5edeec2f5e51bf7454933a61699149982d3a598698a9db7f04803b31a3f6bad994ca487e21238c566a8abf8c52dbd02a3fabbea71
-
Filesize
408KB
MD55a0e0fe750fbf8c4f8d21749fc05da86
SHA1e79eca3a686f6a917ebb9ca8e805411458a06a88
SHA256681988910a2858ccc9f5eeea961bec8fa66bcfbd5224d34294802d7e92ef2205
SHA512173076465eca2708ecad5f2e3a9fc6109e73e0cc20b5a9be91d30c8e61b71646481f090c98d7a6af827bf173cd89f7232ea13f546a66063bf1a963ac64e5866b
-
Filesize
408KB
MD55af243273544c2cd1c1655cdee48c0a1
SHA1352107287cf63164995686d2aed9a1e108d7a4ad
SHA2564c49f5ed028a87a9cef6585941c0334fa92e70094a39569d6c737bb1c9e13d32
SHA512962355dd69bfa4267ed42c93369b1fa518c6bab69782adb517a173c023dece19d1747a1bb988d119cd201d4bfa0d9c2c4f2168f2ddf1cfdfd94cabeeb19ab278
-
Filesize
408KB
MD5926fbf0a02a7bcca8291e64c0122ef81
SHA1eb991589db9e6ce17d8d8cb4ba1fa97977ab7cd5
SHA256ca41b0d875dbf607d028e0bdde421a73d75c39ffbd643fe330749282e9ac9f57
SHA51216fffadc4faf30db1f65356a4663c5e03122ec36b13f62ee01de547de68adb1ac416d9b68ccab504ab3065b2fe2661c7114f9d701c02751b35711af2911b0983
-
Filesize
408KB
MD5cb3ea2b91a33639df23ea810e4ef84b8
SHA1c7c617cebffb7a02057054f7a02a93f9e15872dc
SHA256531e66bc2ff89a0f369e8f730c294b35ef980fe40ee3362ff47ffeb516e1077e
SHA512db19b7461687c56397de42d6e63f01ca1a0120d60e6378b5b56330d991efbdba1859fa7ca27368ade8eec5900cf4c6407cbfacad64a85cd898c12ff8360f8fa2
-
Filesize
408KB
MD570a85017948a7c41853a9348d22d4e1f
SHA112a39ac460229393a9512217c6524380544b4e4d
SHA2567a169dcac36b71729154b8f816bc7878f79d6c0b778794b5aa8d8124cb6e8792
SHA51249396e0f358c4bbec4e0578721df8f2c084be354ed303bf72052f89ce7adc2a3d554302e8a95ca93f3ad2f8909cb18b41089329fc0fb97f405f037b7cc72cb65